Configure FortiGate NGFW log forwarding using the GUI

You can configure Fortinet® FortiGate® Next-Generation Firewall (NGFW) to send the necessary logs to Arctic Wolf® for security monitoring using the FortiGate NGFW user interface.

Note:

We recommend completing this procedure using the CLI tool. For more information, see Configure Fortinet FortiGate NGFW log forwarding using the CLI.

These resources are required:

  • An activated Arctic Wolf Sensor or Virtual Log Collector (vLC)
  • Access to your FortiGate NGFW

Configure Fortinet FortiGate logging

  1. Sign in to your FortiGate NGFW.
  2. Click Log & Report > Log Settings.
  3. On the Global Settings tab, configure these settings:
    Note: Make sure to set the format to default. The CEF format is unsupported and causes parsing issues during Fortinet log ingestion.
    • Event Logging — Click All.
    • Local traffic logging — Click All.
    • Syslog logging — Click Enable.
    • IP address/FQDN — Enter the IP address of your Arctic Wolf physical or virtual sensor.
  4. Click Apply.
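
One way to confirm, from a capture of the forwarded syslog lines, that the firewall is sending the default key=value format rather than CEF. This is an added example, not Arctic Wolf or Fortinet code; the function names are hypothetical, the sample lines are constructed, and the required-field list is an assumed minimal sanity check.

```python
import re

# Constructed sample lines (not real device output): one in the default
# key=value format, one in CEF, each with a syslog priority prefix.
SAMPLE_LINES = [
    '<189>date=2024-05-01 time=10:15:30 devname="FGT-LAB" devid="FGT00000000000" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" '
    'srcip=10.0.0.5 dstip=192.0.2.10 action="accept" msg="test entry, with spaces"',
    '<189>May  1 10:15:31 FGT-LAB CEF:0|Fortinet|Fortigate|v7.0.0|00013|'
    'traffic:forward accept|3|src=10.0.0.5 dst=192.0.2.10',
]

PRI = re.compile(r'^<\d{1,3}>')          # syslog priority prefix, e.g. <189>
CEF_HEADER = re.compile(r'CEF:\d+\|')    # CEF version marker followed by a pipe
# key=value pairs where the value is either double-quoted or a bare token
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
REQUIRED = ("date", "time", "type")      # assumption: minimal fields to expect


def parse_default(line):
    """Parse a default-format line into a dict; quoted values keep their spaces."""
    body = PRI.sub("", line.strip())
    return {key: quoted or bare for key, quoted, bare in KV.findall(body)}


def classify(line):
    """Return 'cef', 'default', or 'unknown' for one forwarded syslog line."""
    body = PRI.sub("", line.strip())
    if CEF_HEADER.search(body):
        return "cef"
    fields = parse_default(line)
    if all(name in fields for name in REQUIRED):
        return "default"
    return "unknown"


def summarize(lines):
    """Count lines per format so a CEF misconfiguration stands out."""
    counts = {"default": 0, "cef": 0, "unknown": 0}
    for line in lines:
        counts[classify(line)] += 1
    return counts


if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```

Any non-zero "cef" count means the syslog format setting is not set to default and should be corrected before you notify Arctic Wolf.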

Provide configuration information to Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Tickets & Alerts > All Tickets.
  3. Perform the appropriate action, depending on whether you are:
    • A new customer — In the Ticket Type list, select Onboarding. Then, click the existing [Deploy] Site Config: <ticket_subject> ticket.
    • An existing customer — Click Open a New Ticket.
  4. On the Open a New Ticket page, configure these settings:
    • What is this ticket related to? — Select General request.
    • Subject — Enter Syslog changes.
    • Related ticket (optional) — Keep empty.
    • Message — Enter this information for your Concierge Security® Team (CST):
      • Confirmation that you completed the steps in this configuration guide.
      • The IP address or hostname of the Arctic Wolf Sensor that you used during the configuration.
      • The IP address, timezone, and device type for all sources that you are forwarding.
      • Questions or comments that you have.
  5. Click Send Message.

    Your CST reviews the details to make sure that Arctic Wolf is successfully processing the logs.